/**
 * Store the request URI and split it into path segments.
 *
 * Invisible characters and surrounding slashes are removed first, then the
 * configured URL suffix (if the URI ends with it), and finally the
 * remainder is split on "/" into `x_segments`.
 *
 * @param string $str Raw URI string
 * @return object $this Current instance, for chaining
 */
protected function setUri($str)
{
    $this->x_uri_blocked = false;

    // Drop invisible characters, then the leading/trailing slashes.
    $this->x_uri_string = trim(StringHelper::removeInvisibleCharacters($str, false), '/');

    // Nothing left to split: segments are left untouched.
    if ($this->x_uri_string === '') {
        return $this;
    }

    // Cut the configured URL suffix off the end when the URI carries it.
    $suffix = $this->x_uri_sufix;
    if ($suffix !== '') {
        $suffixLength = strlen($suffix);
        if (substr($this->x_uri_string, -$suffixLength) === $suffix) {
            $this->x_uri_string = substr($this->x_uri_string, 0, -$suffixLength);
        }
    }

    // Reserve index 0 so appended segments are numbered from 1;
    // the placeholder is removed again once the loop is done.
    $this->x_segments[0] = null;

    $parts = explode('/', trim($this->x_uri_string, '/'));
    foreach ($parts as $segment) {
        $segment = trim($segment);

        // Security filter for the segment. Its return value is not used
        // here. NOTE(review): presumably filterUri() takes the segment by
        // reference or records a blocked URI itself; confirm against its
        // definition, otherwise this call filters nothing.
        $this->filterUri($segment);

        if ($segment === '') {
            continue;
        }
        $this->x_segments[] = $segment;
    }

    unset($this->x_segments[0]);

    return $this;
}
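/**
 * Decrypt a value produced by the pure-PHP alternative cipher.
 *
 * Derived from http://px.sklar.com/code.html/id=1287, with an added
 * 40-character key-derived trailer check.
 *
 * The input carries a 3-character scheme tag at offset 10 (or offset 2 when
 * the input is 10 characters or shorter): "aCb" is handled here, "mCb" is
 * forwarded to static::decrypt() when the mcrypt extension is loaded.
 *
 * Security notes for maintainers:
 *  - The transform is a repeating-key byte subtraction followed by a
 *    rotation; it should be treated as obfuscation, not as confidentiality
 *    or integrity protection.
 *  - The trailer is derived from the key only, not from the payload, so it
 *    does not authenticate the ciphertext.
 *  - When both $pass and the `security_salt` setting are empty, the key
 *    falls back to a hash of that empty value, i.e. a fixed constant.
 *    Deployments should always configure a non-empty, random salt.
 *
 * @param string $enc  Encoded text to decode
 * @param mixed  $pass Key material; the `security_salt` config value is used when empty
 * @return mixed Decoded value, or null when the input is malformed or the trailer does not match
 */
public static function altDecrypt($enc, $pass = '')
{
    // Only non-trivial strings can carry a scheme tag.
    $hasText = is_string($enc) && strlen(trim($enc)) > 3;
    $markerAt = $hasText ? (strlen($enc) > 10 ? 10 : 2) : null;

    if (!$hasText || strpos($enc, 'aCb') !== $markerAt) {
        // Not tagged for this cipher: hand mcrypt-tagged input to decrypt().
        if ($hasText && extension_loaded('mcrypt') && strpos($enc, 'mCb') === $markerAt) {
            return static::decrypt($enc, $pass);
        }

        return null;
    }

    // Strip the 3-character scheme tag.
    $enc = substr_replace($enc, '', $markerAt, 3);

    // Reject anything outside the URL-safe/base64 alphabet.
    if (preg_match('/[^a-z0-9\\+\\/\\=\\-\\_]/i', $enc)) {
        return null;
    }

    // Resolve the key: explicit $pass, else the configured salt.
    $pass = !$pass ? Config::get('security_salt', '') : $pass;
    if (is_null($pass) || $pass === false) {
        $pass = '';
    }

    // Arrays/objects are allowed as key material, so flatten them first.
    $pass = StringHelper::maybeSerialize($pass);
    if (!$pass) {
        // Empty key: hash it so the key stream below is never empty.
        // This value is a constant; see the security notes in the docblock.
        $pass = Sha1::hash($pass);
    }

    $enc = Internal::safeBase64Decode($enc);

    // Repeat the key until it is at least as long as the ciphertext.
    $enc_arr = str_split($enc);
    $add = 0;
    $div = strlen($enc) / strlen($pass);
    $newpass = '';
    while ($add <= $div) {
        $newpass .= $pass;
        $add++;
    }
    $pass_arr = str_split($newpass);

    // Undo the per-byte shift: subtract the key byte and the ciphertext length.
    $ascii = '';
    foreach ($enc_arr as $key => $asc) {
        $pass_int = ord($pass_arr[$key]);
        $enc_int = ord($asc);
        $str_int = $enc_int - $pass_int;
        $ascii .= chr($str_int - strlen($enc));
    }

    $unpack = unpack('a*', trim($ascii));
    if (!$unpack) {
        return null;
    }
    $unpack = implode('', (array) $unpack);

    // Second base64 layer, then reverse the rotation.
    $unpack = Internal::safeBase64Decode($unpack);
    $retval = Internal::rotate($unpack, 13);

    // Packing can leave invisible characters behind; remove them.
    $retval = StringHelper::removeInvisibleCharacters($retval, false);

    // The plaintext must end with the 40-character key-derived trailer.
    if (strlen($retval) < 40) {
        return null;
    }
    $expectedTag = Sha1::hash(Sha256::hash($pass));
    $actualTag = substr($retval, -40);
    if (!is_string($expectedTag) || !is_string($actualTag)) {
        return null;
    }
    // Compare in constant time where the runtime offers hash_equals()
    // (PHP >= 5.6); older runtimes keep the plain comparison.
    $tagMatches = function_exists('hash_equals')
        ? hash_equals($expectedTag, $actualTag)
        : $actualTag === $expectedTag;
    if (!$tagMatches) {
        return null;
    }

    // Drop the trailer.
    $retval = substr($retval, 0, strlen($retval) - 40);

    // NOTE(security): the decoded payload goes to maybeUnserialize(). If that
    // helper wraps unserialize() (not visible here; confirm), object
    // deserialization is reachable by anyone who knows the key, which is
    // another reason the salt must never be left empty.
    $retval = StringHelper::maybeUnserialize($retval);

    if (is_array($retval) && array_key_exists('acb', $retval)) {
        return $retval['acb'];
    }

    return null;
}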
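/**
 * Aggregate the response and send it to the client.
 *
 * Sets the final status (500 on fatal error, 404 on no route match),
 * collects any buffered output into the response body, runs the header,
 * status and output hooks, emits the headers and finally prints the body.
 *
 * Fixes relative to the previous revision:
 *  - the status fallback now restores the original status code (it used
 *    to restore the header array);
 *  - the Content-Length refresh now recognises an already queued header
 *    (headers_list() returns "Name: value" lines, so an exact match on the
 *    bare name never succeeded).
 *
 * @return void
 */
private static final function displayRender()
{
    // Decide the status code: fatal error wins over "no route matched".
    if (static::$x_is_fatal || Route::isFatalError()) {
        static::$x_is_fatal = true;
        Route::setFatalError();
        Response::setStatus(500);
    } elseif (Route::isNoMatch()) {
        Response::setStatus(404);
    }

    // Resolve the HEAD flag once and keep a local copy.
    if (static::$x_is_request_head === null) {
        static::$x_is_request_head = Request::isHead();
    }
    $is_head_request = static::$x_is_request_head;

    if (!$is_head_request) {
        // Pull whatever was already written to the buffer into the response.
        ob_get_level() || ob_start();
        $body = ob_get_clean();
        Response::prepend($body);
    } else {
        // HEAD responses carry no body.
        Response::setBody('');
    }

    list($status, $headers, $body) = Response::finalize();

    // Turn the cookies into Set-Cookie headers.
    Response::serializeCookies($headers);

    // Header/status hooks are skipped for fatal errors and HEAD requests.
    if (!static::$x_is_fatal && !$is_head_request) {
        // Remember the pre-hook values so an invalid hook result can be undone.
        $old_headers = $headers->all();
        $old_status = $status;

        $headers = Hook::apply('x_headers', $headers->all());
        if (!is_array($headers)) {
            $headers = $old_headers;
        }

        $status = (int) Hook::apply('x_header_status', $status);
        if (!Response::getMessageForCode($status)) {
            $status = $old_status;
        }

        unset($old_headers, $old_status);
    }

    // header() fails once output has started, so only send when still possible.
    if (!headers_sent()) {
        // Status line: CGI SAPIs expect a "Status:" header instead.
        if (strpos(PHP_SAPI, 'cgi') === 0) {
            header(sprintf('Status: %s', Response::getMessageForCode($status)));
        } else {
            header(sprintf('HTTP/%s %s', Config::get('http_version', '1.1'), Response::getMessageForCode($status)));
        }

        // Multi-value headers are stored newline-separated; send one line each.
        // Names and values may come from the 'x_headers' hook and get no
        // further validation in this block.
        foreach ($headers as $name => $value) {
            if (!is_string($value)) {
                continue;
            }
            $hValues = explode("\n", $value);
            foreach ($hValues as $hVal) {
                header("{$name}: {$hVal}", false);
            }
        }
    }

    $body = Hook::apply('x_before_output', $body);

    // The body is only sent for non-HEAD requests.
    if (!Request::isHead()) {
        // Output hooks are not run after a fatal error.
        if (!static::$x_is_fatal) {
            if (Config::get('force_tag', false)) {
                // Balance unclosed tags.
                $body = Hook::apply('x_force_tag_output', Filter::forceBalanceTags($body), $body);
            }

            if (Config::get('safe_output', false)) {
                // Convert multibyte characters to entities.
                $body = Hook::apply('x_safe_output', Filter::multibyteEntities($body, false), $body, false);
            }

            // Debug mode splices the error report into the page. The report
            // is inserted as-is (no escaping happens in this block), so
            // `debug` should stay disabled on public deployments.
            if (Config::get('debug', false)) {
                $error = ErrorHandler::HtmlError();

                if ($error && is_string($error)) {
                    if (preg_match('/(<div\\s*(?:data\\-target\\=(\'|\\")([\\w:]*\\s+)?x_data_error(\\s+|$2)*)(?:[^>]*)>)/', $body)) {
                        // A <div data-target="x_data_error"> placeholder exists.
                        $withError = preg_replace('/(<div\\s*(?:data\\-target\\=(\'|\\")([\\w:]*\\s+)?x_data_error(\\s+|$2)*)(?:[^>]*)>(.*))/', "\$1{$error}\$2", $body);
                    } elseif (stripos($body, '<body') !== false && preg_match('/(<body\\s*(?:[^>]*)>)/i', $body)) {
                        // Otherwise insert right after the opening <body> tag.
                        $withError = preg_replace('/(<body\\s*(?:[^>]*)>)/i', "\$1\n{$error}", $body);
                    } else {
                        // No markup to anchor on: put the report before the body.
                        $withError = preg_replace("/^\\s\\s(\\s*)/m", "\$1", $error) . "\n{$body}";
                    }

                    $body = Hook::apply('x_error_output', $withError, $body);
                }
            }
        }

        // Mark the end of the application run for the benchmark shortcodes.
        Benchmark::set('app', 'end');

        // Expand %[benchmark]% style shortcodes; escaped forms are unescaped.
        if (strpos($body, "%[") !== false) {
            $body = str_replace(array('%[benchmark]%', '%[memory]%', '%[real_memory]%', '%[\\benchmark\\]%', '%[\\memory\\]%', '%[\\real_memory\\]%'), array(round(Benchmark::get('app'), 6), StringHelper::sizeFormat(Benchmark::getMemory(), 2), StringHelper::sizeFormat(Benchmark::getRealMemory(), 2), '%[benchmark]%', '%[memory]%', '%[real_memory]%'), $body);

            // Forms escaped with more than one backslash lose one level here.
            strpos($body, "%[") !== false && ($body = preg_replace('/(\\%\\[)\\\\(\\\\+)(benchmark|memory|real\\_memory)\\\\(\\\\+)(\\]\\%)/', '$1$2$3$4$5', $body));
        }

        // Second argument is false because the body is not a URL.
        $body = StringHelper::removeInvisibleCharacters($body, false);

        // NOTE(review): 'x_before_output' already ran once before the HEAD
        // check above; confirm that applying it a second time is intended.
        Response::setBody(Hook::apply('x_before_output', $body));

        // The body may have changed since Content-Length was queued, so
        // refresh the header when one is pending.
        if (!headers_sent()) {
            foreach (headers_list() as $queuedHeader) {
                if (stripos($queuedHeader, 'Content-Length:') === 0) {
                    header('Content-Length: ' . Response::getLength(), true);
                    break;
                }
            }
        }

        unset($body, $headers);

        // Re-open a buffer if the earlier one was closed.
        ob_get_level() || ob_start();

        echo Response::getBody();

        if (!static::$x_is_fatal) {
            Hook::doAction('x_after_output', Response::getBody());

            // A hook may have closed the buffer again.
            ob_get_level() || ob_start();

            Hook::doAction('x_after_all');
        }

        // Release the body.
        Response::setBody('');
    }

    restore_error_handler();
}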